Alban Diquet

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 9 **Description** The issue is related to the Multipeer Connectivity component, which does not require an encrypted session. This allows local users to obtain cleartext multipeer data via an encrypted-to-unencrypted downgrade attack. The vulnerability is associated with a lack of protection for service data, which can be exploited by a local attacker to access protected information by conducting attacks on the encryption system. **Recommendations** For Apple iOS versions prior to 9, update to version 9 or later to resolve the issue. As a temporary workaround, consider restricting access to the Multipeer Connectivity component to minimize the risk of exploitation.